Home > News > featured news > Sternum’s Solution Beats BotenaGo Malware Targeting Millions of Devices in a Live Trial

SECURITY

Sternum’s Solution Beats BotenaGo Malware Targeting Millions of Devices in a Live Trial

Sternum | February 08, 2022

Sternum, the universal Internet of Things (IoT) cybersecurity and analytics platform provider, reveals a successful live-fire test of its smart device security platform against BotenaGo malware. Sternum’s unique solution, which looks out for generic fingerprints of an attempted attack to protect the device’s runtime integrity, kept an unpatched device protected in multiple attacks utilizing an exploit from the virus’s arsenal.

Botnet malware seeks out vulnerabilities in millions of IoT devices and uses those to deploy malicious payloads, granting the hacker control over affected targets. An advanced botnet like the infamous Mirai can build up an entire army of “zombified” devices that would then be used for denial-of-service attacks and other malicious activities. BotenaGo, the new addition to this malware class, first came up on radars in November 2021 as a sleek and dangerous virus, packing 33 vulnerabilities tailored to infect millions of routers. A lot of the exploits it relies on are command injections, which force the device to execute malicious OS commands and are ranked as one of the most dangerous software vulnerabilities. In January 2022, BotenaGo’s source code went up on GitHub, available for any rookie hacker to use at will, or add some of its exploits to their own custom malware.

Sternum pitted the malware against its unique IoT security solution in a live-fire trial on an off-the-shelf vulnerable device. First, the company’s team used a command injection exploit from the virus’s arsenal to infect an unpatched and unprotected Zyxel NAS326 cloud storage device. To confirm the successful attack, the security experts switched the light indicators on the device’s front on and off through the malware.

Then, Sternum researchers installed the company’s solution on the device, still unpatched, and ran the attack again multiple times. The solution successfully protected the cloud storage unit, striking down the infection attempts. It also automatically collected all the necessary forensics data such as timestamps and IP addresses involved in the attacks, pinpointing the vulnerabilities in the device’s firmware and offering automatic root-cause analysis.

Sternum’s single-click security solution gives any connected device the ability to protect itself against hacking attempts in real-time. It seeks out the generic fingerprints of various attack types such as command injection and buffer overflow to strike the attempted attack down and protect the runtime integrity of the secured device against both zero-day and one-day attacks. Its design fosters a proactive IoT security paradigm that ditches the need to play catch-up with hackers through long and costly patching. Sternum’s solution enables devices to actively defend themselves from novel pieces of malware even before security researchers identify them, as seen in the live demo.

“BotenaGo arms any script kiddo with a potent tool capable of infecting millions of devices. Patching takes time, and we know of a few cases where the devices were left vulnerable even after an available update. By beating the virus without the need for a patch, our platform once again proves itself as a powerful security platform that allows companies to always be one step ahead of the game. By focusing on generic fingerprints shared by all attacks instead of wasting time and money on patching specific vulnerabilities, it can defeat viruses that haven’t even been written yet.”

Natali Tshuva, Co-Founder and CEO of Sternum

About Sternum
Sternum, the provider of the first universal IoT platform for security and observability offering runtime protection and visibility to IoT devices, was founded in 2018 by 8200 veterans with a profound understanding of both defender and attacker mindsets. With a goal to deliver one unified and powerful platform to all IoT devices across sectors, Sternum set out to build an uncompromising, innovative technology. Sternum’s product suite consists of two key solutions: Embedded Integrity Verification (EIV) and ADS (Analytics & Detection System); both answer the unique needs of IoT device-level protection and visibility in medical, industry 4.0, smart cities, energy, and beyond.

Spotlight

Unlock the Power of Private 5G: Top Applications and Key Business Outcomes

The private 5G market is at an early stage of development, but activity in the market is increasing. 5G accounted for over 50% of all publicly disclosed private network announcements at the end of 2022, according to Analysys Mason’s Private LTE/5G networks tracker.1 5G’s share is lower when non-public announcements are included, but it is expected that most private networks will eventually use 5G.

More featured news

Spotlight

Unlock the Power of Private 5G: Top Applications and Key Business Outcomes

Related News

SOFTWARE AND TOOLS

Energous' AirFuel RF Becomes an Industry Standard for Wireless Charging of IoT Devices

Energous Corporation | January 18, 2023

Energous Corporation, a developer of RF-based charging for wireless power networks, has announced that AirFuel RF, a radio frequency-based wireless charging technology from AirFuel Alliance, is now an industry standard. With the adoption of AirFuel RF as an industry standard, Energous is one step closer to realizing its goal of having its wireless power networks become the preferred method for powering consumer electronics. Energous has been a board member of the AirFuel Alliance since 2016 and supports the development of this industry standard for wireless charging technology that can be used for IoT devices, allowing for batteryless, mobile, waterproof, maintenance-free, and easier-to-implement devices. With the development of AirFuel RF as an industry standard, Energous can now take its charging technology to the next level. Cesar Johnston, CEO of Energous, commented, “Energous has been on the AirFuel Alliance board of directors since 2016 and we are proud to have supported this development, a critical milestone for the scalability of the growing ecosystem of IoT devices, which need consistent and reliable power.” He added, “Over-the-air RF-based wireless power enabled by AirFuel RF and our WattUp technology frees IoT deployments from the burdens of replaceable batteries and power cables, enabling a new reality of batteryless, mobile, waterproof, maintenance-free, and easier-to-implement devices.” (Source: Businesswire) This technology makes it possible for wearables, retail, smart sensors, accessories, and more to work without batteries. With this new industry standard, Energous' AirFuel RF technology will open up many possibilities for developing the Internet of Things (IoT). About Energous Corporation Energous Corporationis the global leader in wireless power networks. Its award-winning WattUp® solution is the only one that enables both contact and distance charging via a fully compatible ecosystem. WattUp, which is built on fast, efficient, and highly scalable RF-based charging technology, is positioned to offer improvements in power, efficiency, foreign device detection, freedom of movement, and overall cost over older, first-generation coil-based charging technologies for industrial and retail IoT, smart homes, smart cities, and medical devices. Energous creates silicon-based wireless power transfer (WPT) technologies and customizable reference designs for global customers, as well as providing worldwide regulatory assistance, a dependable supply chain, quality assurance, and sales and technical support. To date, the company has received over 200 patents for its WattUp wireless charging technology and received the world's first FCC Part 18 certification for at-distance wireless charging.

ENTERPRISE IOT, DEVICES

iTAC Illustrates Benefits of AIoT in Manufacturing Industry

iTAC | February 14, 2023

iTAC Software AG, the MES/MOM specialist, is advancing IoT possibilities by combining AI with IoT (AIoT) and creating new value from data. The company focuses on gathering, analyzing, and understanding data from sensors and machines with the help of an MES/MOM. Manufacturing enterprises can use this integration to draw predictions and develop self-learning processes through data. Martin Heinz, a board member of iTAC Software AG, explains, "With the Internet of Things and a multitude of networked machines, more data is available. However, this data is worthless if it cannot be used in decision-making processes. It must therefore be processed and evaluated by AI applications as quickly as possible. Artificial intelligence can also draw comparisons with other processes, systems and their data and, by learning from experience, independently solve future tasks, avoid errors and optimize processes." (Source – RealWire) The IoT framework, therefore, requires artificial intelligence, which in turn necessitates the IoT as a data source. As part of the MOM (Manufacturing Operations Management) system, the iTAC.IIoT.Edge software combines IIoT data with MES (Manufacturing Execution Systems) data to create flat data structures for real-time analysis. Numerous ML/AI uses, such as prediction, can be built for advanced and digitalized manufacturing using its edge solution. For example, monitoring machine and sensor data facilitate the prediction of machine failures (a reduction of nearly 70%). In addition, the company provides a use case library that enables the implementation of numerous applications by customers. About iTAC Software AG iTAC Software AG, a subsidiary of the mechanical and plant engineering firm Dürr, provides the manufacturing industry with internet-enabled information and communication technologies. The company, founded in 1998, is one of the top MES/MOM providers. The iTAC.MOM.Suite is a comprehensive Manufacturing Operations Management system utilized globally by businesses in diverse industries, including automotive, electronics/EMS, metal casting, and energy. It also offers services and solutions for implementing IIoT and Industry 4.0 requirements. The firm is headquartered in Montabaur, Germany and has offices in the United States, Mexico, China, and Japan, as well as a global sales and service partner network.

ENTERPRISE IOT, INFRASTRUCTURE

Telit Cinterion Emphasizes IoT Offerings Through Rebranding

Telit Cinterion | February 27, 2023

On February 27, 2023, Telit Cinterion, a renowned global leader in intelligent edge, completed its global rebranding effort, highlighting its established and rapidly expanding position in the Internet of Things (IoT) marketplace. This new branding was revealed at Mobile World Congress (MWC) in Barcelona, and encapsulates the company's vision of building a new era of hyper-connectivity, enabling seamless and secure networking with full orchestration of edge and cloud data. The rebranding effort has been carried out to showcase Telit Cinterion's end-to-end IoT offering, serving the world's largest enterprises, original equipment manufacturers (OEMs), system integrators, and service providers. In addition, it is a testament to the company's unwavering commitment to providing innovative and comprehensive IoT solutions that cater to the diverse needs of its customers. The company is harnessing invisible intelligence to record data points spanning numerous industries, including education, energy, medicine, transportation, and security. This allows the company to solve business problems while ensuring that all data is protected efficiently and securely from any potential security breaches. Overall, Telit Cinterion's new branding reinforces the company's position as a leader in the IoT space, highlighting its commitment to providing innovative and comprehensive IoT solutions that cater to the diverse needs of its customers. Paolo Dal Pino, CEO of Telit Cinterion, shared, "The technology solution marketplace can be highly complex for a business looking for a partner. The Telit Cinterion brand is meant to break through the noise with our role as a robust end-to-end solution — from connectivity to the device — with specific capabilities for a variety of use cases and verticals." He added, "While this rebrand showcases our trailblazing, outside-the-box boldness with innovation, security and customer passion, it is proven results — our demonstrated growth in the market, enhanced product offerings and world-class team — which give us a competitive advantage." (Source – Cision PR Newswire) About Telit Cinterion Telit Cinterion is a leader in intelligent edge, providing best-in-class enterprise-grade products and software. It enables businesses to manage IoT devices, connectivity, and data orchestration with an end-to-end system approach. Its engineering practices and design methodologies are designed to surpass industry standards. With over 20 years of experience, the company delivers custom-designed, ready-for-market connected devices, a broad portfolio of wireless communication and positioning modules, MVNO connectivity plans, and IoT platforms. It is based in Irvine, Calif.